exploitDog

CVE-2024-22543

Опубликовано: 27 фев. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function.

Ссылки

https://mat4mee.notion.site/Leaked-SessionID-can-lead-to-authentication-bypass-on-the-Linksys-Router-E1700-f56f9c4b15e7443fa237bd1b101a18d2
Exploit
Third Party Advisory
https://mat4mee.notion.site/Leaked-SessionID-can-lead-to-authentication-bypass-on-the-Linksys-Router-E1700-f56f9c4b15e7443fa237bd1b101a18d2
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:linksys:e1700_firmware:1.0.04:*:*:*:*:*:*:*

cpe:2.3:h:linksys:e1700:-:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00085

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-613

Связанные уязвимости

GHSA-fpg4-3688-q56c

CVSS3: 6.1

github

почти 2 года назад

An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function.

EPSS

Процентиль: 25%

0.00085

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-613